Lucene search
HistoryOct 09, 2012 - 11:55 p.m.
CVE-2012-5351
apache axis2
forged messages
authentication bypass
saml assertion
signature exclusion attack
cve-2012-5351
9.4 High
AI Score
Confidence
High
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
55.2%
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a “Signature exclusion attack,” a different vulnerability than CVE-2012-4418.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache:axis2 | apache axis2 | eq | - |
Related
prion
prion
Authentication flaw
2012-10-09 23:55:00
Authentication flaw
2012-10-09 23:55:00
osv
osv
Improper Authentication in Apache Axis2
2022-05-13 01:01:04
Apache Axis2 Vulnerable to XML Signature wrapping attack
2022-05-17 05:16:12
github
github
Improper Authentication in Apache Axis2
2022-05-13 01:01:04
Apache Axis2 Vulnerable to XML Signature wrapping attack
2022-05-17 05:16:12
openvas
openvas
Apache Axis2 <= 1.6.2 Multiple Vulnerabilities
2015-03-17 00:00:00
ibm
ibm
cve
cve
CVE-2012-4418
2012-10-09 23:55:00
9.4 High
AI Score
Confidence
High
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
55.2%
Related for CVE-2012-5351